Anti-Spyware Group Issues Final Guidelines

The divide between adware companies and software removal vendors seems to have grown in the last year, with at least one major lawsuit, and increasingly inflammatory rhetoric on all sides.

Adware comps accuse anti-spyware vendors of defaming them, and wrongly classifying and removing software that users might want. Adware company 180solutions last November filed a suit against software removal company Zone Labs, which classified 180solutions as a high security risk; charges included "trade libel," unfair trade practices, and tortious interference with business expectancies.

Others say that software removal companies provide a valuable service to consumers who have inadvertently downloaded adware programs--or, worse, have been victims of programs that downloaded themselves through exploits.

Now, in an attempt to bridge the disconnect between adware companies and software removal vendors, the Anti-Spyware Coalition--a group convened by the Center for Democracy and Technology that includes anti-spyware vendors like Aluria, Lavasoft, and McAfee, as well as major Internet companies AOL Microsoft and Yahoo!-- has released a final draft of its "risk model description."

The model--touted by the Anti-Spyware Coalition as providing transparency to the rationale for classifying programs as potentially harmful--sets out a complicated matrix of factors used to categorize adware and other software. For instance, the model asks whether the software delivers ads. If so, the question then becomes whether the ads are attributed to their source program clearly (considered low-risk), indirectly via a pop-up with a label (considered medium-risk), or not at all (high-risk).

But these are only some of the criteria. The model also looks at other factors, including circumstances surrounding installation. For example, an installation originating at a site designed for children is considered medium-risk.

While the 16-page report details a variety of criteria, it stops short of recommending a formula to determine whether programs should be targeted for removal. For that reason, the document isn't likely to completely satisfy the concerns of adware companies.

Sean Sundwall, director of corporate communications at 180solutions, said that his company, for one, is concerned that the draft doesn't provide clear guideline for when software programs should be targeted for removal. "Overall, the risk factors document appears to address the most egregious behaviors and draws appropriate boundaries that clearly define what is and is not acceptable," said Sundwall in an e-mail to OnlineMediaDaily. But, he added: "Our biggest concern is that scanning applications still have enough latitude in implementing these standards to make them meaningless. The worth of these criteria will largely be determined by how closely the scanning applications actually follow them."

David McGuire, spokesman for the Center for Democracy and Technology, said the purpose of the document is to "bring clarity to the process that anti-spyware companies use to identify dangerous behaviors in software" rather than to tell companies how to decide which programs to remove. "We're not seeking to homogenize anti-spyware technology," he said. "We think diversity is a real value."

Source